Secrets of the Windows System File Protection

As you may or may not know, Windows 98 and all subsequent versions of Windows contain a System File Checker. Windows 98, 98 SE, ME, XP, 2000, and 2003 all have one; some are hidden and some are manual. Windows XP, 2000, and 2003 all have both Windows File Protection and a System File Checker, while ME has only Windows File Protection. Although they are really one and the same, they are different, but they both use Sfc.dll to function.

The Windows File Protection runs all the time in the background while the System File Checker is started manually or at bootup.

Windows 98 and 98 SE use only the System File Checker. It is accessed by opening MSinfo32.exe, which is System Information; you will find the System File Checker in the Tools menu. It is configurable by selecting the Settings button. The drawback of this version was that when you needed to replace a file because it was corrupt, deleted, or the wrong version for one of your programs, it would install the original Windows version only. So if you had added a program like Word that changed Rich32.dll to a newer version, running the System File Checker would want to restore it to the older version. However, 98 allowed you to skip restoring the file, even though it reported it as the wrong file or corrupted.

Then along came Windows 2000 and ME, and Microsoft decided to replace files behind your back. They added Windows File Protection (WFP). Windows XP, 2000, and 2003 use WFP as well as the System File Checker (SFC). This was not so bad if you knew how to make adjustments, but MS never told you how, so you are stuck with the files that come with Windows 2000 or its updates when you change a protected file.

Windows 2000 and newer versions of Windows watch only certain files, about 1,700 to 2,500 of them. This version of the System File Checker is called Windows File Protection, although the Registry settings are named "SFC". This does not leave you much room for updating your files, even if the update is valid. If you replace the file Scrrun.dll with a newer version that one of your programs may require, Windows will immediately replace it with its own. To prove this, try deleting this file. It should delete unless it is in use; then, in a few seconds, it will reappear, yet the deleted file will be in the Recycle Bin. Press F5 to refresh the view in Windows Explorer.

Windows XP and Windows 2003 use the same System File Checker as Windows 2000. Windows will replace the file using a stored copy in the System32\dllcache folder. If the file is not there, it looks at the catalog files (.cat), then tries to replace the file using the I386 folder. If the I386 folder is not found, it looks for and asks for the Windows CD.

Now that you know this, you can trick Windows into restoring a file of your choosing by renaming the I386 folder and putting the file in the dllcache folder. If Windows does not like the file, it will request the CD; just tell Windows to accept the new file. In some cases Windows will not replace a file until reboot, when the System File Checker is run.

FYI, System Sentry allows you to restore either the Windows original file or the last file that it saved. However, it does not overwrite the dllcache file unless you select the option to replace the dllcache file also. This is done to ensure that if you make a bad decision, Windows can fix it. If you're sure of your decision, then you can disable "SFC", the System File Checker, or trick it.

Now for some secret Registry edits that control SFC and WFP. Most of the settings for XP, 2000, and 2003 are stored at the Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Winlogon. WFP settings are disguised as SFC settings.

To disable Windows File Protection, add or edit the dword value "SFCDisable" to read 0xffffff9d; to enable it, the value is 0x00000000. This does not disable the SFC utility, SFC.exe, located in the System32 folder.

To increase the amount of space WFP is allowed to use for storing files in the dllcache folder, add or edit the dword value "SFCQuota" and set it to the size you want to use in megabytes. The default setting is 0xffffffff. You can use the decimal setting to set the size you want: enter 200 for 200 megabytes of space.

To change the location of the dllcache folder, add or edit the Expandable String value "SFCDllCacheDir" and set it to whatever path you want. If you move it to D:\MyBackups\Dllcache, then enter D:\MyBackups. If this value does not exist, you can create a String value instead. If you want to use the default, just delete the value or create a new Expandable String value and set it to %SystemRoot%\System32.

You can have Windows display a progress meter during its scans by adding or editing the dword value "SFCShowProgress" and setting it to 0x00000001 (1); to disable it, set it to 0x00000000 (0). I like the little window myself.

You can also tell SFC how to scan: add or edit the value "SFCScan" and set it to 0 to disable scanning, 1 to scan at every boot, or 2 to scan once. This value affects the scanning only, not the background running of Windows File Protection.
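
An added example, not from the original article: a Python check that reads the SFC* value lines of `reg query` output for the Winlogon key and flags settings that weaken or redirect WFP relative to the defaults given above. The function names and the sample input are constructed for illustration, and an absent value is assumed to mean the default.

```python
import re

# Values the article gives for each setting.
WFP_ENABLED = 0x00000000
WFP_DISABLED = 0xFFFFFF9D
QUOTA_DEFAULT = 0xFFFFFFFF
CACHE_DEFAULT = r"%systemroot%\system32"
LINE = re.compile(r"^\s+(SFC\w+)\s+(REG_\w+)\s+(.*?)\s*$", re.I)

def parse_reg_query(text):
    """Return {lowercased name: value} for SFC* lines; DWORDs become ints."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, rtype, data = m.groups()
            is_dword = rtype.upper() == "REG_DWORD"
            values[name.lower()] = int(data, 16) if is_dword else data
    return values

def audit_wfp(values):
    """Return findings for settings that differ from the protected defaults."""
    findings = []
    # Assumption: a missing value means the default applies.
    disable = values.get("sfcdisable", WFP_ENABLED)
    if disable == WFP_DISABLED:
        findings.append("SFCDisable=0xffffff9d: WFP is disabled")
    elif disable != WFP_ENABLED:
        findings.append(f"SFCDisable={disable:#x}: not the enabled value 0")
    cache = values.get("sfcdllcachedir")
    if cache is not None and cache.rstrip("\\").lower() != CACHE_DEFAULT:
        findings.append(f"SFCDllCacheDir={cache}: restore source relocated")
    quota = values.get("sfcquota", QUOTA_DEFAULT)
    if quota != QUOTA_DEFAULT:
        findings.append(f"SFCQuota={quota} MB: cache size capped")
    scan = values.get("sfcscan")
    if scan is not None and scan not in (0, 1, 2):
        findings.append(f"SFCScan={scan}: outside the article's 0/1/2")
    return findings

# Constructed sample input, not taken from a real machine.
SAMPLE = """
    SFCDisable    REG_DWORD    0xffffff9d
    SFCDllCacheDir    REG_EXPAND_SZ    D:\\MyBackups
    SFCQuota    REG_DWORD    0xc8
    SFCScan    REG_DWORD    0x0
"""

if __name__ == "__main__":
    for finding in audit_wfp(parse_reg_query(SAMPLE)):
        print(finding)
```

A relocated SFCDllCacheDir deserves as much attention as SFCDisable, because the files in that folder are what Windows restores from.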


